Technical Articles >  ArcGIS Server (10.0 and prior)  >  Installation  >  Errors and Unexpected Behavior

Knowledge Base - Technical Articles


Technical Article   Error:  Identity Error: Server could not authenticate the supplied identity

Article ID: 37427
Software:  ArcGIS Server 9.3, 9.3.1, 10
Platforms:  Windows 2000, XP, 2003Server, Vista, 2008Server, Win 7

Error Message

When opening the Services Directory application or connecting to a Web service, the following error message returns:

"Identity Error: Server could not authenticate the supplied identity".

This issue applies to ArcGIS Server for the Microsoft .NET Framework.

Cause

The ArcGISWebServices account has not been granted rights to 'Allow log on locally' in the local group policy.

Solution or Workaround

The ArcGISWebServices user account must be added to the access control list for the 'Allow log on locally' policy on the GIS Server machine.

  1. Click Start > Run... In the Run box, type GPEDIT.msc. Press the Enter key.
  2. In the Group Policy editor, expand Computer Configuration > Windows Settings.
  3. Navigate to Security Settings > Local Policies > User Rights Assignment.
  4. Double-click on 'Allow log on locally'.

    [O-Image]
  5. In the 'Allow log on locally' policy properties, click 'Add User or Group' to add the ArcGISWebServices account to the access control list.

Related Information


Created: 12/9/2009
Last Modified: 9/15/2010

Article Rating: (3)
If you would like to post a comment, please login

Comments

By will6303 - 02/07/2012 9:08 AM

Great article! It helped a lot!

ArcGISWebService requires log on locally rights because it must log in each time REST or Services is accessed via IIS. These web applications run via .NET "impersonation" - each time they are accessed, they run as the ArcGISWebServices user. To perform impersonation the impersonation account must be authenticated. This authentication is accomplished by a local Windows logon.

Rating:

By harley - 06/06/2011 8:27 PM

The article needs to be updated.

well, providing a web service to log on locally is a concern if the the account is not really a service. why does the web service need to have local log in rights? is it really a service? can the credentials be managed by active directory?

Rating:

By Anonymous - 03/09/2011 4:01 AM

I have suggested related resources/links that can enhance this article. See below.

There is a simplier solution - add user to Administrators in Config files

Rating: